CVE-2022-4629: 
WordPress vulnerability analysis and mitigation

The Product Slider for WooCommerce WordPress plugin before version 2.6.4 contains a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered on December 28, 2022, and was assigned CVE-2022-4629. The issue affects the plugin's shortcode functionality, specifically impacting WordPress installations running Product Slider for WooCommerce versions prior to 2.6.4 (WPScan).

The vulnerability stems from the plugin's failure to properly validate and escape shortcode attributes before outputting them back in the page. The issue has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79: Cross-Site Scripting (NVD).

This vulnerability allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. These attacks could be leveraged against high-privilege users such as administrators, potentially leading to unauthorized actions or data exposure (WPScan).

The vulnerability has been fixed in version 2.6.4 of the Product Slider for WooCommerce plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).